I am wondering what exactly is a port scan, what does it do, and why would a web site do one. Also is it something done intentional.

As today i made a post in a DVD Discussion forum. Nothing inncoious just a general discussion post. Then 20 minutes later after leaving that forum and gernerally browsing the net (that forum was not even open in the background). I got a pop and warning sound (usually means something not good) from Outposts saying a port scan have been made and it originated from that discussion forum.

I immediately went to that forum to see nobody on that site except the sites adminitstrator.

What is wrong. And what was this web site trying to accomplish by doing a port scan on me. Is it just an identity check or was it an attempt at a malicious attack.

The other suprising this is i am behind a router which unless i have misunderstood have been told in the past by people here at wilders i should be safe from things like this, so this concerns me even more.

So what exactly are port scans, and what are they used for.

Thanks
Anthony

-{ Quote: "I am wondering what exactly is a port scan, what does it do, and why would a web site do one. Also is it something done intentional." }-You mean you actually don't even know what a portscan is? ::) And sorry if I sound rude, but it's something so common and it's so easy to find information on portscans, that I have no idea why you are asking here instead of just go on Google and find some links.

The question was a two tier one, i was asking what a port scan was in relation to why i received one from a seemingly reputable DVD discussion forum, but as you are right i did not know what is was exactly. So from a google search.
-{ Quote: "
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness. " }-

But this has only confused me more, as can someone please explain the use a reputable web site would have to do this. As this description puts it into a very malicious practice. So why would one eminate from a reputable discussion forum. (and like you say it may be obvious to those in the know, but if i get security warnings i do not know about i obviously enquire about them on a securtiy forum to releive any possible concerns about it i may have. I did not think there was anything wrong with this).

Thanks
Anthony

-{ Quote: "But this has only confused me more, as can someone please explain the use a reputable web site would have to do this." }-How do you know it was the website that did the portscan? Did the IP of the machine that port-scanned you match the IP of the web site? Are you sure it was a portscan, anyway, and what range of ports did it scan?

And yes, portscanning is usually a malicious practice, unless it's done on purpose by you on your own machine or in a similar way (i.e. there are web sites that offer a free remote portscan on your machine -- though most of the time, not complete -- so that you can see what ports are open on the Internet); mind you, portscanning is malicious only in the fact that it LOOKS for vulnerabilities or trojan ports. There is no danger whatsoever in being ONLY portscanned; the danger is when a vulnerability is found and exploited.

-{ Quote: "How do you know it was the website that did the portscan? Did the IP of the machine that port-scanned you match the IP of the web site? Are you sure it was a portscan, anyway, and what range of ports did it scan?
" }-
I just got a pop up and warning noise from Outpost firewall warning me of a portscan, and in this popup it says where it came from and that was not an ip. But the actual name of the website. Such as for example if it said it eminated from this forum it would have said Wilderssecurity.

But the worrying thing that concerned me was that i was not even looking at the web site when it popped up. I had posted there about 20 minutes earlier. So i dont know what is going on. But why would the web site want to do a port scan on me.

-{ Quote: "I just got a pop up and warning noise from Outpost firewall warning me of a portscan, and in this popup it says where it came from and that was not an ip. But the actual name of the website. Such as for example if it said it eminated from this forum it would have said Wilderssecurity.

But the worrying thing that concerned me was that i was not even looking at the web site when it popped up. I had posted there about 20 minutes earlier. So i dont know what is going on. But why would the web site want to do a port scan on me." }-

It could well be not a port scan, but something like webalizer collecting stats on visitors.

Mike

-{ Quote: "I just got a pop up and warning noise from Outpost firewall warning me of a portscan, and in this popup it says where it came from and that was not an ip. But the actual name of the website. Such as for example if it said it eminated from this forum it would have said Wilderssecurity.

But the worrying thing that concerned me was that i was not even looking at the web site when it popped up. I had posted there about 20 minutes earlier. So i dont know what is going on. But why would the web site want to do a port scan on me." }-
Depending on the nature of the connection you had with the site/forum, it could just be late packets arriving at your system which the firewall is dropping and misinterpreting as a port scan.

-{ Quote: "The other suprising this is i am behind a router which unless i have misunderstood have been told in the past by people here at wilders i should be safe from things like this, so this concerns me even more." }-
Being behind the router also suggests that these are late packets and not a port scan or unsolicited inbound packets.

It always helps to post log samples when trying to determine what you are seeing. (protocol, source IP/port, destination IP/port - just xxx out the last portion of your public IP)

Regards,

CrazyM

These are some examples of what I understand a port scan to be:

http://www.rsjones.net/img/portscan1.gif

regards,

-rich
________________
~~Be ALERT!!! ~~